XProtect Expert and XProtect Corporate

White paper
XProtect Expert and XProtect
Corporate - System Architecture
Guide for IT Professionals
Prepared by:
John Rasmussen, Senior Technical Product Manager, Corporate Business Unit
Milestone Systems
Date: September 18, 2015
Table of Contents
Introduction
Purpose and target audience
Designed for network and IT systems
Overall system architecture
System modules
Server components
  Management server
  Failover management server
  Recording server
  Failover recording server
  Event server
  Failover event server
  Log server
  Service channel
  Mobile server
  SQL server
Client components
  Management Client for XProtect®
  XProtect Smart Client
  XProtect Web Client
  Milestone Mobile
Additional products and components
  XProtect Smart Wall 2014
  MIP SDK
  Software Manager
System Implementation Guide
  Important notes:
  Standard system designs guide
Integration with standard IT technology
Benefits and summary
Page2 of 30
Introduction
XProtect Expert® and XProtect Corporate® are high-end Milestone video management
software (VMS) designed for complex and large-scale installations.
Throughout this white paper, XProtect Expert and XProtect Corporate are referred to
as the “VMS” because they share the same architecture and components.
Purpose and target audience
The purpose is to provide insight into the benefits and ease of using Milestone XProtect
Expert and XProtect Corporate as the VMS, including an introduction to the system
components and the system architecture. Furthermore, this white paper gives
recommendations for system layout designs and provides links to more information on
specific topics.
This white paper should enable the reader to understand the overall system
architecture, the primary system components and their functions, as well as give
guidelines to basic system design.
The primary audience for this white paper is system integrators and IT administrators
with limited experience using Milestone XProtect Expert and XProtect Corporate VMS
products who are in the process of selecting, deploying, administrating, maintaining
and expanding a VMS system.
The reader is assumed to have a general understanding of administrating IT and
network installations. General knowledge about video encoding standards like MJPEG,
MPEG4 and H.264 as well as transmission of video over IP networks is recommended
but not required.
Designed for network and IT systems
Milestone XProtect Expert and XProtect Corporate are from a technical standpoint
designed as an IT system, and their general network and client/server design, overall
system logic and management principle should be very familiar for IT administrators
used to working with large networks and IT systems.
Run on standard IT equipment
• Standard servers of your choice
• Standard storage and configuration of your choice, like SATA, SAS, SSD, DAS,
SAN, NAS, iSCSI, etc.
• Standard network equipment and any configuration and layout of your choice
including support for VLAN, VPN, etc.
• Integrates with the standard Active Directory already present in most
installations
• Use standard Microsoft SQL Server for storing the VMS configuration
• Support for port customization and port forwarding to support routed networks
and firewalls
Wide choice of Microsoft® Windows® operating systems, for instance:
• Microsoft Windows 7
• Microsoft Windows 8
• Microsoft Windows 8.1
• Microsoft Windows Server 2008
• Microsoft Windows Server 2008 R2
• Microsoft Windows Server 2012
• Microsoft Windows Server 2012 R2
(for specific details see: http://www.milestonesys.com/SystemRequirements/)
Support virtualization technology
• Support for VMware
• Support for Microsoft Hyper-V
Easy installation and upgrade
• Both products are offered in trial versions that can be easily upgraded to a paid
version without having to redo the integration or configuration
• XProtect Expert can seamlessly be upgraded to XProtect Corporate by applying
a new license file; there is no need to reinstall or reconfigure anything
• Components and clients are hosted on the management server for easy
download and distribution so there is no need to use CDs or USB drives to
distribute the software
• Easy upgrade or addition of camera drivers via dedicated device packs so there
is no need to upgrade all components and clients to support new camera
models or camera firmware
Flexible deployment that can be scaled over time
• Scalable distributed system architecture with system components that can be
run on one or more dedicated servers or on shared servers depending on
system size and configuration. This enables the choice of the most cost-efficient
hardware solution for the particular installation whether it is a small or large
installation.
• Support for Milestone Federated Architecture™ to tie related systems together
http://www.milestonesys.com/SharePoint/White%20papers/Milestone_Federated_Architecture_with_synapsis.pdf
• Support for Milestone Interconnect™ to tie independent systems together
http://www.milestonesys.com/SharePoint/White%20papers/Milestone_Interconnect.pdf
Central management and monitoring
• All management is done through a single Management Client that can run on
your local workstation so there is no need to use remote desktop to access and
configure the VMS
• Strict control of access rights to control who can see the cameras and what
functions users can access
• Built-in server and system monitoring including email notification on events and
failures. Alternatively use standard IT tools to monitor the servers, storage,
network, etc.
Secure and reliable architecture
• Camera and client networks can be separated to ensure reliable and secure
operation of the video system, because any interference on the client network
does not interfere with video recording from the camera network. Furthermore,
because cameras cannot be accessed from the client network there is no risk
that users or other unauthorized persons can access or hack cameras and
tamper with settings or gain access to video
• Should cameras be connected via the Internet or used in high-security
installations, the camera to recording server communication can be secured by
using HTTPS
http://www.milestonesys.com/SharePoint/White%20papers/Ensuring_end-toend_protection_of_video_integrity.pdf
• Redundancy supported via Microsoft clustering on the management servers and
dedicated hot-standby or cold-standby failover recording servers
Predictable cost
• Transparent and simple license structure
  o Base license: The base license unlocks all software functionality and can
  be used on multiple sites when owned by the same legal entity
  o Hardware device license per connected hardware device (one hardware
  license per IP/MAC). See supported hardware page for an overview of
  licenses needed per device type http://www.milestonesys.com/solutionpartners/supported-hardware/xprotect-corporate-and-xprotect-expert/
  o Milestone Care Plus is mandatory for the whole XProtect
  Corporate installation for the first year and gives access to new product
  versions for free
• No license cost on storage amount used
• No license cost on clients because they are free of charge
• Predictable maintenance cost because the system runs on standard IT
equipment
Overall system architecture
Milestone XProtect Expert and XProtect Corporate are state-of-the-art VMS designed
for advanced high-security, large-scale installations.
In order to be able to scale to thousands of cameras across multiple sites, the VMS
consists of several components that handle specific tasks. All components can be
installed on the same server if the server is able to handle the combined load, or the
components can be installed on separate dedicated servers to scale and distribute the
load. Smaller systems of about 50-100 cameras (depending on hardware and
configuration) can run on a single server, whereas it is recommended to use
dedicated servers for some of the components in larger systems.
Page5 of 30
Furthermore, not all components are needed in all installations, but they can be
installed if the functionality they offer is needed. Examples are failover recording
servers, and the mobile server for hosting and providing access to both the XProtect® Web
Client and Milestone Mobile client.
The below diagram shows an overview of the different system components and further
down there is a general description of each component.
System modules
Note:
• Failover recording servers are not supported in XProtect Expert
• XProtect® Smart Wall is an add-on product to XProtect Expert
Server components
Management server
The management server is the central component of the VMS and is responsible for
handling the system configuration, distributing configuration to other system
components, such as recording servers, and for facilitating user authentication.
The configuration data is stored in a standard Microsoft SQL server installed either on
the management server itself or on a separate dedicated server.
Page6 of 30
System components and clients repository
In addition to the management server’s VMS function, the management server also
hosts a repository of all other system components. Two dedicated download pages for
server components and client applications make it easy and convenient for
administrators or integrators to download and install the other system components
and client applications on additional servers and workstations, without the need to
copy the component installers to USB sticks and manually carry them to the other
servers.
Client download page (does not require log in): http://[server-address]/installation/
Server component download page (may require log in): http://[server-address]/installation/admin
Page7 of 30
When a system is upgraded to a new version the components on the download pages
are also upgraded, so during the system upgrade the download page can also be used
as a distribution point for the other server components that should be upgraded.
When Milestone releases new add-on components or versions of existing components
or clients they can be downloaded from the Milestone website and placed on this
download page for further download and distribution in the video surveillance
installation.
Updated versions of the VMS, components and clients can be found here:
http://www.milestonesys.com/downloads/. Look for “Server-side” installers on the
web page to download and install updated components and clients on the VMS
download page.
Failover management server
Failover support on the management server is achieved by installing the management
server in a Microsoft Windows Cluster. The cluster will then ensure that another server
takes over the management server function, should the first server fail.
For more information on configuring clustering in Microsoft Windows Server 2008 R2:
http://technet.microsoft.com/en-us/library/ff182338(v=ws.10).aspx.
For more information on configuring clustering in Microsoft Windows Server 2012 R2:
http://technet.microsoft.com/library/hh831579.
Recording server
The recording server is responsible for all communication with devices (cameras, video
and audio encoders, input/output (I/O) modules, metadata sources, etc.), as well as
recording and event handling, for example:
• Retrieve video, audio, metadata and I/O event streams from the devices
• Record video, audio and metadata
• Provide access to live and recorded video, audio and metadata
• Provide access to device status
• Trigger system and video events on device failures, events, etc.
• Perform motion detection and generate Smart Search metadata
Furthermore, the recording server is responsible for communicating with other
Milestone products when using the Milestone Interconnect technology.
The standard licensing model does not impose restrictions on the number of recording
servers that can be added to a setup.
For more information on Milestone Interconnect:
http://www.milestonesys.com/SharePoint/White%20papers/Milestone_Interconnect.pdf.
Device drivers
An essential part of the recording servers is device drivers. These drivers work as the
interface between the recording server and the devices (cameras, video and audio
encoders, I/O modules, metadata sources, etc.). A dedicated device driver is needed
for each individual device or series of devices from the same manufacturer. In
addition to the dedicated device drivers, the VMS also supports a generic ONVIF driver
so all ONVIF-compliant devices can be used.
The device drivers are by default installed as a device pack when the recording server
is installed, but can later be updated by downloading and installing a newer version of
the device pack. New device packs are typically released every other month.
For more information on supported devices:
http://www.milestonesys.com/Supported-hardware-XProtect-Corporate/.
New device packs can be downloaded here:
http://www.milestonesys.com/Support/downloads/
(select “Device Packs” in the “Type” dropdown).
Media database
The retrieved video, audio and metadata are stored in the Milestone dedicated
high-performance media database optimized for recording and storing video, audio and
metadata.
The media database supports various unique features like tiered multistage archiving,
video grooming, encryption and adding a digital signature to the recordings.
The media database supports a tiered storage architecture with “live” recording
database and the archives distributed across different storage systems and
technologies, making it possible to design and optimize the storage solution for both
performance (recording), size (retention) and cost.
For more information on the media database and the storage architecture:
http://www.milestonesys.com/SharePoint/XProtectCorporate/4_0%20and%204_1/Whitepapers/Milestone_Storage_Architecture_with_synapsis.pdf.
Failover recording server
The failover recording server is responsible for taking over the recording task should a
recording server fail.
The failover recording server can operate in two modes:
• Cold-standby for monitoring multiple recording servers
• Hot-standby for monitoring a single recording server
The difference between the cold-standby and hot-standby failover modes is that in
cold-standby, the standard failover mode, the failover recording server does not know
from which server to take over recording, so it cannot start until a recording server
fails. In the hot-standby mode the failover time is significantly shorter because the
failover recording server already knows which recording server it should take over
recording from and thus can pre-load the configuration and start up completely, except
for the last step of connecting to the cameras.
Page9 of 30
Event server
The event server handles various tasks related to events, alarms, maps and
third-party integrations via the Milestone Integration Platform Software Development Kit
(MIP SDK).
Events:
All system events are consolidated in the event server so there is one place and
interface for partners to make integrations that use system events.
Furthermore, the event server offers third-party access to sending events to
the system via the generic events or analytics events interface.
Alarms:
The event server hosts the alarm feature, alarm logic, alarm state as well as
handling the alarm database.
Maps:
The event server also hosts the maps that are configured and used in the
XProtect® Smart Client.
MIP SDK:
Finally, third-party developed plug-ins can be installed on the event server and
access system events.
All data handled by the event server, such as alarms, maps and event logs, are stored
in the same SQL server the management server uses.
Failover event server
Failover support on the event server is achieved by installing the event server in a
Microsoft Windows Cluster. The cluster will then ensure that another server takes over
the event server function should the first server fail.
For more information on configuring failover clusters in Windows Server 2008 R2:
http://technet.microsoft.com/en-us/library/ff182338(v=ws.10).aspx.
For more information on configuring failover clusters in Windows Server 2012:
http://technet.microsoft.com/library/hh831579.
Log server
The log server is responsible for storing all log messages for the entire system. The
log server uses the same SQL server as the management server and is typically
installed on the same server as the management server, but can be installed on a
separate server if the management or log server performance needs to be increased.
The system can log three types of logs:
• System log: the system administrator can choose to log errors, warnings and
information and combinations of these. Default is logging errors only
• Audit log: the system administrator can choose, in addition to log-in and
administration logs, to log user activity in the clients
• Rule log: the rule log can be used by the system administrator to create logs
on specific events
Service channel
The service channel is responsible for communicating various service and
configuration messages to the XProtect Smart Client and mobile server, and to
third-party components listening to the service channel. This could, for example, be
communicating updates to an XProtect Smart Wall monitor layout or communicating
that a failover server is now active, along with its address.
Mobile server
The mobile server is responsible for hosting the XProtect Web Client and for providing
access to the VMS for the XProtect Web Client and Milestone Mobile client users.
In addition to acting as a system gateway for Milestone Mobile and XProtect Web
Client, the mobile server also offers video transcoding capabilities because the original
camera video stream in many cases is too large to fit the bandwidth available for the
mobile and web users.
The video streams to Milestone Mobile and XProtect Web Client by default are
transcoded, so it is highly recommended to install the mobile server on a dedicated
server, or install the video decoder plug-in in the browser so the streams can be
retrieved and decoded in the original format without transcoding them.
SQL server
The management server, event server and log server use an SQL server to store
configuration, alarms, events and log messages, etc.
The XProtect Expert/XProtect Corporate installer includes Microsoft SQL Server 2012
Express that can be used freely.
For larger systems with more than 300 cameras it is recommended to use the SQL Server
2008 R2 Standard or Enterprise edition on a dedicated server, because these editions
can handle larger databases and offer backup functionality.
As with all other IT systems it is important to configure scheduled backup of the
database so that configuration is not lost in case of failures.
Client components
Management Client for XProtect®
The Management Client is the administration interface for all parts of the VMS.
The VMS is designed for large-scale operation and the Management Client is thus
designed to be run remotely from, for example, the administrator’s computer.
Page11 of 30
The Management Client has a “Site Navigation” tab (1), where nodes for various parts
or functions of the system can be selected, for instance cameras, as shown on the
above screenshot.
Selecting a node will show the settings for this node, typically in a second tree
structure because there often are more sub items that can be managed (2). When an
item is selected the settings are displayed in the properties dialog shown in the right
side of the client (3). Items can have many settings, and if so the different settings
are grouped on different tabs.
XProtect Smart Client
The XProtect Smart Client is the main client for the VMS offering a full set of advanced
features. It is designed for day-to-day use by dedicated operators.
The XProtect Smart Client is designed to be run remotely on the operator’s computer
and supports multi-screen use in full-screen mode as shown below, or as floating
windows where the windows can be resized and moved freely.
Page12 of 30
Furthermore, the XProtect Smart Client has tabs dedicated to different tasks: live
monitoring, playback and investigation, Sequence Explorer for investigation, alarms
for alarm management and system monitor for monitoring the state of the system
servers, cameras, storage, etc. Add-on products and third-party integrations can add
additional tabs providing a dedicated user interface for their functions, for instance
for LPR or Access Control Management.
For more information about the XProtect Smart Client:
http://www.milestonesys.com/xprotectsmartclient/.
XProtect Web Client
The XProtect Web Client is the client designed for the occasional or remote user that
needs easy access to live monitoring, playback and export. Furthermore, the XProtect
Web Client gives access to activate system events and outputs.
Page13 of 30
For more information about the XProtect Web Client:
http://www.milestonesys.com/our-products/clients/xprotect-web-client/
Compatible browsers can be found here: (click on XProtect Web Client)
http://www.milestonesys.com/SystemRequirements/
Milestone Mobile
Milestone Mobile is the client designed for the user on-the-go. It offers easy access to
live video and playback from cameras, as well as access to activate system events and
outputs.
Furthermore, the Milestone Mobile client can be used as a remote recording device by
using the device’s built-in camera and the Milestone Video Push feature. When
activated, the video from the device’s camera is streamed back to the VMS and
recorded like a standard camera.
Milestone Mobile is available for Apple®, Android™ and Windows Phone 8 devices.
For more information about Milestone Mobile:
http://www.milestonesys.com/our-products/clients/milestone-mobile/.
Compatible smartphone operating systems can be found here: (click on Milestone
Mobile)
http://www.milestonesys.com/SystemRequirements/.
Additional products and components
In addition to Milestone XProtect Expert and XProtect Corporate VMS, Milestone has a
set of add-on products and utilities, of which the most important ones are highlighted
below.
XProtect Smart Wall 2014
Page14 of 30
XProtect Smart Wall 2014 is a Milestone video wall product.
XProtect Smart Wall is designed for control centers to display live video from select
cameras on one or more video wall displays.
The cameras to display can be selected manually by the operators using the XProtect
Smart Client, via the VMS’ rule system on events and/or time schedule, or via MIP
SDK integrations.
XProtect Smart Wall does not require installation of additional components or clients.
All XProtect Smart Wall components are natively embedded in the VMS and the
XProtect Smart Client. All that is needed is a license that includes XProtect Smart
Wall.
XProtect Smart Wall 2014 is included in XProtect Corporate 2014 and can be
purchased as an add-on for XProtect Expert 2014.
For more information on XProtect Smart Wall:
http://www.milestonesys.com/xprotectsmartwall/.
MIP SDK
The MIP SDK is a comprehensive tool that facilitates the integration of applications for
Milestone VMS. The MIP SDK provides flexible access to video, events, metadata and
configuration data as well as optimized functions for access control integration. The
MIP SDK extends the software’s functionality by allowing developers to create new
and powerful surveillance solutions optimized for a specific system and purpose.
To support the integration of different third-party applications and systems, the MIP
SDK has different integration methods, including protocol integration, component
integration and a unique plug-in abstraction layer. Using the plug-in integration,
solutions become a fully integrated part of the XProtect VMS user interface.
For more information about the MIP SDK:
http://www.milestonesys.com/mipsdk/.
Software Manager
The Software Manager is a tool that from a central point can be used to remotely
install and upgrade recording servers, recording server device packs and XProtect
Smart Clients on servers or PCs in the network.
For larger installations the tool makes it easy and fast to upgrade the components
that are installed remotely and in many places; namely the recording servers and
their device packs as well as all the client PCs.
http://www.milestonesys.com/our-products/xprotect-addons/xprotect-utilities/
System Implementation Guide
Page15 of 30
Important notes:
VMS design: In addition to the system designs presented in the below guide, it is of
course possible to design the VMS in other customized ways to suit specific cases as
well as to use specialized or high-performance equipment and technologies like
virtualization, hardware redundancy, etc.
Number of cameras per recording server: The guide and the designs do not
consider the number of cameras you can run per recording server, but reflect a
location (physical or in the network) of the recording server. This means that the
recording server symbol in the below designs should not be taken literally as one
single recording server but more as an indication of the recording server functionality
in the location, which then could be covered by one or more recording servers.
Server specifications: To get assistance with server requirements, larger VMS
projects or projects with more specialized requirements than the ones covered in the
below design guide, please use our request form on the web page below or contact
your local Milestone representative.
http://www.milestonesys.com/support/presales-support/request-for-serverspecifications/
Storage needs: Recording server storage estimators can be found here:
MPEG4/H.264 http://www.milestonesys.com/storagecalculatormpeg4/.
MJPEG http://www.milestonesys.com/storagecalculatorjpeg/.
Standard system designs guide
When deciding how to implement the VMS, the first things to consider are the physical
location of the sites that should be surveyed, where the users of the VMS are located
and, if the installation covers multiple physical locations, how the network
infrastructure is laid out.
For VMS installations with a “typical” design and configuration running on off-the-shelf
equipment, the below design guide can help illustrate the right way to implement the
system.
Page16 of 30
Design 1 – Single system. Less than five cameras / Demo system
This VMS design is the simplest possible design where everything is connected to the
same network and all server components and clients run on the same server/PC.
Typically, you would run the management server, recording server and XProtect
Smart Client(s) on separate servers/PCs, but if the server/PC is powerful enough and
you just have a few cameras, everything could be installed on a single server (or
laptop for demonstration purposes).
Page17 of 30
Design 2 – Single system. Up to 100 cameras
This VMS design is the most basic design with all cameras, server components and
clients connected to the same network.
Typically, you would run the management server and recording server on separate
servers as shown in the diagram, but if the server is powerful enough or you have just
a small number of cameras the recording server could be installed on the same server
as the management server.
If uninterrupted video operation is needed, a failover recording server can be added.
Page18 of 30
Design 3 – Single system. More than 100 cameras
Note: When the system is larger than 300 cameras it is recommended to use a full
version of the SQL server and run it on a dedicated server.
Furthermore, when having many cameras in the system, it is recommended to
separate the client network from the camera network by creating a separate camera
network for each recording server and its cameras.
Separating the client network from the camera network increases performance,
stability and security and makes it easier to dimension the network.
• Performance is increased by separating the traffic to and from recording servers
so any high load on the client network does not impact the recording
performance
• Stability is increased because any network interference on the client network
does not affect the camera network
• Security is increased because clients and other equipment on the client network
cannot contact the camera directly and hack into the camera to change settings
or in any other way interfere with the operation
• Dimensioning of the network is made easier because the load is separated to
several different networks where the load, especially on the critical camera
network, easily can be calculated
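The separation recommended here, and under "Secure and reliable architecture" earlier, can be checked against an addressing and firewall plan before deployment. The audit below is an added example, not Milestone code: the host names, roles, addresses, ports and rules are constructed sample data, and the checks are one assumed reading of "a separate camera network for each recording server and its cameras".

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    role: str          # "camera", "recording_server", "client", "management_server"
    addresses: tuple   # one IP address string per network interface


@dataclass(frozen=True)
class AllowRule:
    src: str           # source CIDR permitted by a router or firewall
    dst: str           # destination CIDR
    port: int


def audit_segmentation(client_net, camera_nets, hosts, rules):
    """Return findings as strings; an empty list means the plan keeps the
    client network and the per-recording-server camera networks apart."""
    client = ipaddress.ip_network(client_net)
    cams = {name: ipaddress.ip_network(cidr) for name, cidr in camera_nets.items()}
    findings = []

    # The address ranges themselves must be disjoint.
    for name, net in cams.items():
        if net.overlaps(client):
            findings.append(f"{name}: camera network overlaps the client network")

    served = set()  # camera networks that have a recording server attached
    for host in hosts:
        ips = [ipaddress.ip_address(a) for a in host.addresses]
        on_client = any(ip in client for ip in ips)
        on_cams = sorted({n for n, net in cams.items() for ip in ips if ip in net})

        if host.role == "camera":
            if on_client:
                findings.append(f"{host.name}: camera is reachable on the client network")
            if len(on_cams) != 1:
                findings.append(f"{host.name}: camera is not on exactly one camera network")
        elif host.role == "recording_server":
            # Recording servers are the only hosts meant to touch both sides.
            if len(on_cams) != 1:
                findings.append(f"{host.name}: recording server is not on exactly one camera network")
            served.update(on_cams)
        elif on_cams:
            # Any other dual-homed host bridges the two networks.
            findings.append(f"{host.name}: {host.role} has an interface on {', '.join(on_cams)}")

    for name in sorted(set(cams) - served):
        findings.append(f"{name}: no recording server attached")

    # No routed or firewalled path may lead from outside a camera network into it.
    for rule in rules:
        src = ipaddress.ip_network(rule.src)
        dst = ipaddress.ip_network(rule.dst)
        for name, net in cams.items():
            if dst.overlaps(net) and not src.subnet_of(net):
                findings.append(
                    f"rule {rule.src} -> {rule.dst}:{rule.port} opens {name} to outside traffic")
    return findings


# Constructed sample plan: one client network, one camera network per recording server.
CLIENT_NET = "192.168.50.0/24"
CAMERA_NETS = {"cam-net-1": "10.10.1.0/24", "cam-net-2": "10.10.2.0/24"}
GOOD_HOSTS = [
    Host("rs1", "recording_server", ("192.168.50.11", "10.10.1.1")),
    Host("rs2", "recording_server", ("192.168.50.12", "10.10.2.1")),
    Host("mgmt", "management_server", ("192.168.50.10",)),
    Host("cam-101", "camera", ("10.10.1.101",)),
    Host("cam-201", "camera", ("10.10.2.201",)),
    Host("operator-pc", "client", ("192.168.50.80",)),
]
GOOD_RULES = [AllowRule("192.168.50.0/24", "192.168.50.0/24", 443)]

# Constructed drift: a camera on the client LAN, a dual-homed laptop, a routed hole.
BAD_HOSTS = GOOD_HOSTS + [
    Host("cam-301", "camera", ("192.168.50.201",)),
    Host("admin-laptop", "client", ("192.168.50.81", "10.10.2.250")),
]
BAD_RULES = GOOD_RULES + [AllowRule("192.168.50.0/24", "10.10.1.0/24", 80)]

if __name__ == "__main__":
    for finding in audit_segmentation(CLIENT_NET, CAMERA_NETS, BAD_HOSTS, BAD_RULES):
        print(finding)
```

Feeding the function an export of the real inventory and router rules turns the design principle into a repeatable pre-deployment or change-review check.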
Page19 of 30
Design 4 – Single system, multiple sites. No direct user access in remote
sites
This design is in essence the same as design 2, with the difference that each recording
server is not located on the main site with the management server and users, but on
separate remote physical sites.
Should failover functionality be needed, it is recommended to place a failover
recording server on each remote site to contain the traffic to the site in case of failure.
The network connection from the remote sites to the main site only needs to have
enough bandwidth for the number of cameras to be viewed live or played back at the
same time.
Page20 of 30
Design 5 - Multiple systems, multiple sites. Direct user access to remote sites
using Milestone Federated Architecture
In a geographically distributed VMS system where users access video locally on each
of the sites, it is recommended to design the system using Milestone Federated
Architecture.
Page21 of 30
This solution requires that all sites are on the same Microsoft Windows domain or that
a domain trust has been established between the different Microsoft Windows
domains.
Furthermore, the network connections between the different sites must be fairly
stable and have enough bandwidth for the required use, or log in may take a long
time and the video experience may be poor.
Milestone Federated Architecture offers a number of advantages:
• Independent design and configuration
o Each site can be designed independently only taking the site’s cameras
and user requirements into consideration
o Each site can be configured independently keeping the complexity of the
overall system down
o User and administrator rights can be set per site
• Seamless access
o Users on a central site can access the entire federated system seamlessly
via a single log-in
o Local users on the remote site can access the system on their site even if
the connection to the central site is broken
For more information on Milestone Federated Architecture see:
http://www.milestonesys.com/SharePoint/White%20papers/Milestone_Federated_Architecture_with_synapsis.pdf.
Design 6 – Multiple systems, multiple sites. Direct user access to remote
sites using Milestone Interconnect
In a physically distributed VMS system, where there is a need for accessing the video
directly by users on remote sites and where the network connections between the
central and remote sites are unstable or intermittent, or the sites are not part of the
same Microsoft Windows domain, it is recommended to design the overall system
using Milestone Interconnect.
Page23 of 30
With Milestone Interconnect, a Microsoft Windows domain trust is not needed, and the
sites can run any Milestone VMS version. Milestone Interconnect is thus well suited to
interconnect VMS systems from multiple customers to a central site, for instance with
a city surveillance installation.
Milestone Interconnect offers a number of advantages:
• Independent design and configuration
o Each site can be designed independently only taking the site’s cameras
and user requirements into consideration
o Each site can be configured independently keeping the complexity of the
overall system down
o User and administrator rights can be set per site
o It is possible to use any XProtect product on the remote sites
• Seamless access
o Users on the central site can access the entire interconnected system
seamlessly via a single log-in
o Local users on a remote site can access the system on their site even if
the connection to the central site is broken
• Flexible recording
o With Milestone Interconnect it is possible to automatically retrieve the
recordings made on the remote system when the network connection to
it is restored, for instance for surveillance in vehicles like cars, buses,
trains and ferries
o In addition to automatic retrieval, the system offers rule, schedule and
user-activated retrieval of recordings
o Alternatively, recordings can be played back directly from the remote site
• Network connection
o With Milestone Interconnect the system can automatically handle
unstable and intermittent network connections between the central and
remote sites
In addition to the advantages listed above, Milestone Interconnect offers a long list of
advanced functions and benefits. For more information see:
http://www.milestonesys.com/SharePoint/White%20papers/Milestone_Interconnect.pdf.
Integration with standard IT technology
Milestone XProtect Expert and XProtect Corporate integrate seamlessly with commonly
used IT technology and tools, and use terms and technologies commonly known by
the IT administrator. This makes it easy for IT administrators to choose, deploy and
administrate the VMS because the learning curve is low for people with IT knowledge.
The Milestone XProtect VMS looks like and is managed like an IT system; the data is
just video streams instead of files, transactions, business data, etc.
The list below gives examples of how Milestone XProtect Expert and XProtect Corporate
integrate with and use standard IT technology:
Microsoft Active Directory (AD)
Users and groups from the AD can be used in the security roles in the VMS. This
makes it easy via the AD groups to administrate who can access the VMS and what
they can access. New users to the system are simply added to the right AD group(s)
and they have access.
By default the system is installed using LOCAL SYSTEM as the account for services. It can
be advantageous to use Active Directory accounts for these instead.
Further, Active Directory provides time synchronization between servers, which is
important for proper system operation. Milestone Federated Architecture
depends on Active Directory. Deployment across different Active Directory domains
is possible provided a domain trust is established.
SQL server
For installations with fewer than 300 cameras, the included free SQL Server Express
edition can be used, but in general it is recommended to use a full version of Microsoft
SQL Server as it offers better performance and most importantly, it offers scheduled
backup of the database.
The whole system configuration is stored in the SQL server, so it is important to
configure a regular backup of the VMS configuration database and not just make a
manual one-time backup through the Management Client, because this backup will
quickly become outdated due to configuration changes, such as replacing cameras,
adding/deleting users, changing camera settings, etc.
It is recommended to implement a transaction log backup and shrink schedule or
change the SQL database backup type to Simple, to avoid continuous buildup of
transaction logs.
Virtualization
Virtualization technologies like Microsoft Hyper-V and VMware can be used for all
Milestone XProtect software and their individual components, and they are used
widely within R&D in Milestone Systems A/S during development, test, support, etc.
For the majority of installations, it is commonplace to run the management server and
event server in a virtual environment and there are many benefits to doing so as the
resource consumption is minimal and the benefits of high availability and zero
downtime maintenance for these components are very desirable.
For the recording server or failover recording server, the benefits of running them in a
virtual environment are typically negligible, as the recording server takes full advantage
of server processing resources.
There are, though, some installations where virtualization of the recording servers may
be desirable:
o If the physical recording servers require zero down time maintenance then
features such as VMotion (for VMware) or Live Migration (for Hyper-V) would be
beneficial. VMotion and Live Migration have both been successfully tested with a
Milestone Recording Server
o For use with a failover recording server to provide failover capability to multiple
recording servers at the same time. As a single failover recording server can only
provide failover capabilities to a single recording server at a time,
virtualization can be used to accommodate multiple failover recording server
instances on a single hardware platform
When using a virtual environment, each virtual server should be allocated at least the
same resources as would be allocated to a physical server.
VLAN
It is possible to use VLAN with Milestone XProtect software to segment and separate
the network and its traffic. If using VLAN to segment and share network equipment
between standard network traffic and video surveillance traffic, it is important to take
into account that, depending on the number of cameras and their stream
configuration, the video surveillance traffic can place a very high and permanent load
on the network because video from all cameras is streamed permanently to the
recording servers.
A quick example: 100 cameras on a recording server running at HD resolution at 25
or 30 frames per second using 2 Mbit/s per camera amounts to a constant 200 Mbit/s
load on the network to the recording server.
In addition to the constant traffic from the cameras to the recording server, the traffic
from the recording server to the clients must also be taken into account.
Firewall
The video streams from the Milestone XProtect software can be streamed through
firewalls by permitting/forwarding the used ports and protocols. This allows for
cameras or clients to be located outside the local network, for instance on public
Internet.
Please consult the software documentation for an overview of used ports and
protocols.
VPN
Standard VPN can be used to further protect and encrypt the video streams and video
surveillance system communication, if the clients or cameras are connected via public
Internet. As an alternative to pure port forwarding in a router or firewall, VPN can also
be used to provide access to the VMS from the Internet.
IPv4 and IPv6
Milestone XProtect Expert and XProtect Corporate support both IPv4 and IPv6,
including multicast.
VMS, server and network monitoring
Because Milestone XProtect software runs on standard IT equipment, such as servers,
storage, network switches, etc., standard IT monitoring products and software already
known by the IT administrators can also be used to monitor the health and status of the
equipment running the VMS. This makes it easy to integrate Milestone XProtect
software in the existing IT infrastructure and work processes.
In addition to external system monitoring tools, Milestone XProtect Expert and
XProtect Corporate support a built-in function with dedicated user interface called
System Monitor, which gives an overview of the load and use of the servers and their
storage as well as the network in general. In addition to this, System Monitor also
provides an overview of VMS-specific parameters like storage and network use per
camera.
Email
In addition to the technical monitoring mentioned above, Milestone XProtect Expert
and XProtect Corporate VMS can use email to send notifications of technical issues,
security events or events from third-party integrations. It is also possible to include
still images and AVIs of the event in the email notification.
SNMP
It is possible to use SNMP traps to send notifications to a standard network monitoring
product, for instance SolarWinds Kiwi Syslog.
NTP
When timestamps are enabled to be overlaid on the video from the cameras or when
Edge Storage is used in the cameras, it is necessary to set up a Network Time
Protocol (NTP) server and configure the cameras to synchronize their time with the NTP
server. The NTP server must be synchronized with the VMS servers’ time source,
typically a domain controller, so all parts of the VMS use the same time. If this is not
done, the video overlaid timestamps will, over time, drift and deviate from the VMS
time stamps because the camera clocks are not very precise, and for Edge Storage
the solution will stop working once the camera and VMS time stamps are too far
apart.
Windows reliability and performance monitor (Perfmon)
Windows Perfmon is a powerful performance monitoring tool that is built into
Windows.
Perfmon can be used to track various Windows counters like CPU, network, disk load
and I/O, etc., over time. In addition to the standard Windows counters, it can also
monitor counters from other software services if they offer service-specific counters.
Milestone XProtect Expert and XProtect Corporate support a wide range of
VMS-specific Perfmon counters that can be used to monitor the VMS’ performance and
pinpoint issues or bottlenecks within the VMS or its use of the server hardware.
Perfmon can be found and started by typing “perfmon” in the start menu
search/command field.
Benefits and summary
As discussed in this white paper, Milestone XProtect Corporate and XProtect Expert
build on a flexible multi-tiered client-server system architecture, where the open
architecture ensures compatibility with standard hardware, storage and IT
technologies. This enables full system scalability of the VMS solution, from small
single-server systems, to distributed multi-thousand camera systems, enabling the
most optimal hardware technology platform to be selected for a given customer
application considering cost and performance.
The modular system architecture also permits cost-efficient expansion and
maintenance of systems in service because additional recording servers can be added
when and as needed, and the camera driver layer, server components and client
applications may be upgraded independently.
To meet the strictest needs for system security and reliability, XProtect Corporate and
XProtect Expert offer the possibility to separate the camera network from the client
network, so that traffic on the client network cannot interfere with the video
communication between the cameras and the recording servers. This physical
separation furthermore prevents users, or other unauthorized persons, from gaining
access to video or tampering with camera settings. In addition to this, XProtect
Corporate and XProtect Expert provide an array of built-in security and
high-availability mechanisms, including support for secure camera communication via
HTTPS, fault tolerance using cold-standby or hot-standby failover recording servers
and Microsoft clustering.
Embracing standard IT technologies and concepts, such as standard IPv4 and IPv6
network communication, Microsoft Active Directory, virtualization technologies, SQL
databases and SNMP, XProtect Corporate and XProtect Expert fit into the existing IT
topology. This allows system administrators to apply existing knowledge and IT tools
when managing the VMS system, as a complement to the native central management
and monitoring functions available via the Management Client. This not only reduces
the cost of equipment and training of system administrators, but it also reduces the
overall cost of maintaining the system in production.
Page29 of 30
About Milestone Systems
Founded in 1998, Milestone Systems is the global industry leader in open platform IP video management
software. The XProtect platform delivers powerful surveillance that is easy to manage, reliable and
proven in thousands of customer installations around the world. With support for the widest choice in
network hardware and integration with other systems, XProtect provides best-in-class solutions to video
enable organizations – managing risks, protecting people and assets, optimizing processes and reducing
costs. Milestone software is sold through authorized and certified partners. For more information,
visit www.milestonesys.com
Milestone Systems Headquarters, DK
Tel: +45 88 300 300
Milestone Systems US
Tel: +1 503 350 1100
Page30 of 30
Download